Amendment to the Claims

1. (previously presented) A process for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

providing a system administrator defined read access control command for a user;

said system administrator defined read access control command listing a set of Lightweight Directory Access Protocol user attributes selected and controlled by said administrator;

said user selecting a subset from said system administrator defined LDAP user attributes for allowing user defined read access to other users;

providing a user defined access control command attribute read list containing user identifications that are allowed to read said user defined subset of said system administrator defined LDAP user attributes; and

said read access control command referring to said user defined read list at runtime thereby allowing said read user identifications read access to said system administrator defined LDAP user attributes;

wherein said read access control command resides in a directory containing said LDAP attributes.

2. (original) The process of Claim 1, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

3. (original) The process of Claim 1, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator has selected for user defined write access; and

said write access control command referring to said user defined write list thereby allowing said write user identifications write access to said user attributes.

4. (original) The process of Claim 3, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

5. (previously presented) A process for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

providing for a user a system administrator defined read access control command that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has selected for user defined read access, said user selecting a subset of user defined LDAP user attributes from said list for read access to other users;

providing for a user a system administrator defined write access control command that lists LDAP user attributes that said administrator has selected for user defined write access, said user selecting a subset of user defined LDAP user attributes from said list for write access to other users;

providing a plurality of user defined access control command attribute read lists containing user identifications that are allowed to read said user defined subset from said LDAP user attributes that said administrator has selected for user defined read access; and

providing a plurality of user defined access control command attribute write lists containing user identifications that are allowed to write said user defined subset from said LDAP user attributes that said administrator has selected for user defined write access;

wherein said read access control command and said write access control command reside in a directory containing said LDAP user attributes;

wherein when a client read access to one of the LDAP user attributes that said administrator has selected for user defined read access occurs, said read access control command and the read list of the owner of the attribute being accessed are used to determine if said client has permission to execute said read access; and

wherein when a client write access to one of the LDAP user attributes that said administrator has selected for user defined write access occurs, said write access control command and the write list of the owner of the attribute being accessed are used to determine if said client has permission to execute said write access.

6. (previously presented) A process for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

providing a system administrator defined write access control command for a user;

said system administrator defined write access control command listing a set of Lightweight Directory Access Protocol user attributes selected and controlled by said administrator;

said user selecting a subset from said system administrator defined LDAP user attributes for allowing user defined write access to other users;

providing a user defined access control command attribute write list containing user identifications that are allowed to write said user defined subset of said system administrator defined LDAP user attributes; and

said write access control command referring to said user defined write list at runtime thereby allowing said write user identifications write access to said system administrator defined LDAP user attributes;

wherein said write access control command resides in a directory containing said LDAP attributes.

7. (original) The process of Claim 6, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

8. (original) The process of Claim 6, further comprising the steps of:

providing a user defined read list containing user identifications that are allowed to read a specified set of attributes; and

providing a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby allowing said read user identifications read access to said user attributes.

9. (original) The process of Claim 8, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

10. (previously presented) An apparatus for a simplified access control language that controls access to directory entries in a computer environment, comprising:

a system administrator defined read access control command for a user;

means for said system administrator defined read access control command listing a set of Lightweight Directory Access Protocol (LDAP) user attributes selected and controlled by said administrator;

means for said user selecting a subset from said system administrator defined LDAP user attributes for allowing user defined read access to other users;

a user defined access control command attribute read list containing user identifications that are allowed to read said user defined subset of system administrator defined LDAP user attributes; and

means for said read access control command referring to said user defined read list at runtime thereby allowing said read user identifications read access to said system administrator defined LDAP user attributes;

wherein said read access control command resides in a directory containing said LDAP user attributes.

11. (original) The apparatus of Claim 10, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

12. (original) The apparatus of Claim 10, further comprising:

a user defined write list containing user identifications that are allowed to write a specified set of attributes; and

a system administrator defined write access control command;

wherein said write access control command lists the user attributes that said administrator has selected for user defined write access; and

wherein said write access control command refers to said user defined write list thereby allowing said write user identifications write access to said user attributes.

13. (original) The apparatus of Claim 12, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

14. (previously presented) An apparatus for a simplified access control language that controls access to directory entries in a computer environment, comprising:

a system administrator defined read access control command for a user that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has selected for user defined read access, said user selecting a subset of user defined LDAP user attributes from said list for read access to other users;

a system administrator defined write access control command for a user that lists LDAP user attributes that said administrator has selected for user defined write access, said user selecting a subset of user defined LDAP user attributes from said list for write access to other users;

a plurality of user defined access control command attribute read lists containing user identifications that are allowed to read said user defined subset from said LDAP user attributes that said administrator has selected for user defined read access; and

a plurality of user defined access control command attribute write lists containing user identifications that are allowed to write said user defined subset from said LDAP user attributes that said administrator has selected for user defined write access;

wherein said read access control command and said write access control command reside in a directory containing said LDAP attributes;

wherein when a client read access to one of the LDAP user attributes that said administrator has selected for user defined read access occurs, said read access control command and the read list of the owner of the attribute being accessed are used to determine if said client has permission to execute said read access; and

wherein when a client write access to one of the LDAP user attributes that said administrator has selected for user defined write access occurs, said write access control command and the write list of the owner of the attribute being accessed are used to determine if said client has permission to execute said write access.

15. (previously presented) An apparatus for a simplified access control language that controls access to directory entries in a computer environment, comprising:

a system administrator defined write access control command for a user;

means for said system administrator defined write access control command listing a set of Lightweight Directory Access Protocol (LDAP) user attributes selected and controlled by said administrator;

means for said user selecting a subset from said system administrator defined LDAP user attributes for allowing user defined write access to other users;

a user defined access control command attribute write list containing user identifications that are allowed to write said user defined subset of system administrator defined LDAP user attributes; and

means for said write access control command referring to said user defined write list at runtime thereby allowing said write user identifications write access to said system administrator defined LDAP user attributes;






PAGE 13/17 * RCVD AT 8/3/2004 8:0 1 :03 PM [Eastern Daylight Time] < SVR:USPT0€FXRF-1/2 * DNIS:8729306 1 CSID:650 474 8401 4 DURATION (nm«s):Q546 



08/03/2004 TUE 17:04 FAX 650 474 8401 GLENN PATENT GROUP 






wherein said write access control command resides in a directory containing said 
LDAP user attributes. 

16. (original) The apparatus of Claim 15, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

17. (original) The apparatus of Claim 15, further comprising:

a user defined read list containing user identifications that are allowed to read a specified set of attributes;

a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby allowing said read user identifications read access to said user attributes.

18. (original) The apparatus of Claim 17, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

19. (previously presented) A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform method steps for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

providing a system administrator defined read access control command for a user;

said system administrator defined read access control command listing a set of Lightweight Directory Access Protocol user attributes selected and controlled by said administrator;

said user selecting a subset from said system administrator defined LDAP user attributes for allowing user defined read access to other users;

providing a user defined access control command attribute read list containing user identifications that are allowed to read said user defined subset of said system administrator defined LDAP user attributes; and

said read access control command referring to said user defined read list at runtime thereby allowing said read user identifications read access to said system administrator defined LDAP user attributes;

wherein said read access control command resides in a directory containing said LDAP attributes.

20. (original) The method of Claim 19, wherein upon a client read access, the directory server selects a specific read access control command according to the attribute being accessed and refers to the read list of the owner of the attribute being accessed to determine if said client has permission to execute said read access.

21. (original) The method of Claim 19, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator has selected for user defined write access; and

said write access control command referring to said user defined write list thereby allowing said write user identifications write access to said user attributes.

22. (original) The method of Claim 21, wherein upon a client write access, the directory server selects a specific write access control command according to the attribute being accessed and refers to the write list of the owner of the attribute being accessed to determine if said client has permission to execute said write access.

23. (previously presented) A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform method steps for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

providing for a user a system administrator defined read access control command that lists Lightweight Directory Access Protocol (LDAP) user attributes that said administrator has selected for user defined read access, said user selecting a subset of user defined LDAP user attributes from said list for read access to other users;

providing for a user a system administrator defined write access control command that lists LDAP user attributes that said administrator has selected for user defined write access, said user selecting a subset of user defined LDAP user attributes from said list for write access to other users;

providing a plurality of user defined access control command attribute read lists containing user identifications that are allowed to read said user defined subset from said LDAP user attributes that said administrator has selected for user defined read access;

providing a plurality of user defined access control command attribute write lists containing user identifications that are allowed to write said user defined subset from said LDAP user attributes that said administrator has selected for user defined write access;

wherein said read access control command and said write access control command reside in a directory containing said LDAP attributes;

wherein when a client read access to one of the LDAP user attributes that said administrator has selected for user defined read access occurs, said read access control command and the read list of the owner of the attribute being accessed are used to determine if said client has permission to execute said read access; and

wherein when a client write access to one of the LDAP user attributes that said administrator has selected for user defined write access occurs, said write access control command and the write list of the owner of the attribute being accessed are used to determine if said client has permission to execute said write access.

24. (previously presented) A program storage medium readable by a computer, tangibly embodying a program of instructions executable by the computer to perform method steps for a simplified access control language that controls access to directory entries in a computer environment, comprising the steps of:

providing a system administrator defined write access control command for a user;

said system administrator defined write access control command listing a set of Lightweight Directory Access Protocol user attributes selected and controlled by said administrator;

said user selecting a subset from said system administrator defined LDAP user attributes for allowing user defined write access to other users;

providing a user defined access control command attribute write list containing user identifications that are allowed to write said user defined subset of said system administrator defined LDAP user attributes; and

said write access control command referring to said user defined write list at runtime thereby allowing said write user identifications write access to said system administrator defined LDAP user attributes;

wherein said write access control command resides in a directory containing said LDAP attributes.






